1:24 a.m.
On 07/18/2014 08:18 PM, Aline Manera wrote:
On 07/17/2014 11:49 PM, Wen Wang wrote:
>
> On 07/17/2014 08:09 PM, Aline Manera wrote:
>>
>> On 07/17/2014 12:38 AM, Wen Wang wrote:
>>> Thanks Aline. There is a problem with this patch is that after
>>> login , connect to a VM and copy the vnc link. Then close both
>>> kimchi and vnc, you will get to vnc with the link you copied as
>>> well as kimchi again without asking for a password.
>>
>> Hi Wen Wang,
>>
>> This is working as design as you didn't logout from Kimchi
>> interface, the session is still alive in cherrypy server because
>> that you are not asked for authentication
>>
>> If you check the current code on master branch you will see it also
>> behaves like that
> Thanks Aline,
>
> Thanks for the clearify. I found out even after closing the browser,
> paste the url you copied from either kimchi or vnc, you can access
> kimchi or vnc without asking for authentication with login page. Do
> you think this need to be fixed?
I don't have a formed opinion on that.
I am open to hear suggestions
From one side, we have the timeout session, i.e. if browser is closed
for more than 10 minutes the session will timeout and the user will be
asked for login
But in other hand, we could logout user when he/she closes the browser
window to improve security.
That sounds great! From the same browser I think
it's probably okay if
user closes the tabs and enter kimchi again with the same browser.
Letting user re-login after closing browser could probably be better. I
will send an RFC mail later and hear from opinions from others
>>
>>>
>>> Best Regards
>>> Wang Wen
>>>
>>> On 07/17/2014 12:44 AM, alinefm(a)linux.vnet.ibm.com wrote:
>>>> From: Aline Manera <alinefm(a)linux.vnet.ibm.com>
>>>>
>>>> V1 -> V2:
>>>> - Turn back next_url parameter to fix problems mentioned by Wen Wang
>>>> - Use urllib2.quote() to encode next_url in backend
>>>> - Use decodeURIcomponent() to decode next_url in JS
>>>>
>>>> Aline Manera (4):
>>>> Update test case to reflect new login design
>>>> Remove former login design files
>>>> Remove special console rules from nginx configuration
>>>> Let frontend redirect user after logging
>>>>
>>>> src/kimchi/auth.py | 9 +--
>>>> src/kimchi/root.py | 19 +----
>>>> src/nginx.conf.in | 11 ---
>>>> tests/test_rest.py | 2 +-
>>>> ui/css/theme-default/login-window.css | 90
>>>> ------------------------
>>>> ui/js/src/kimchi.login.js | 71 +++++++++++++++++++
>>>> ui/js/src/kimchi.login_window.js | 128
>>>> ----------------------------------
>>>> ui/pages/login-window.html.tmpl | 53 --------------
>>>> ui/pages/login.html.tmpl | 36 ++--------
>>>> 9 files changed, 79 insertions(+), 340 deletions(-)
>>>> delete mode 100644 ui/css/theme-default/login-window.css
>>>> create mode 100644 ui/js/src/kimchi.login.js
>>>> delete mode 100644 ui/js/src/kimchi.login_window.js
>>>> delete mode 100644 ui/pages/login-window.html.tmpl
>>>>
>>>
>>> _______________________________________________
>>> Kimchi-devel mailing list
>>> Kimchi-devel(a)ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>>>
>>
>